Vulnerability Details CVE-2020-5211
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 7.5
References
Products affected by CVE-2020-5211
-
cpe:2.3:a:nethack:nethack:3.2.2
-
cpe:2.3:a:nethack:nethack:3.2.3
-
cpe:2.3:a:nethack:nethack:3.3.0
-
cpe:2.3:a:nethack:nethack:3.4.0
-
cpe:2.3:a:nethack:nethack:3.4.1
-
cpe:2.3:a:nethack:nethack:3.4.2
-
cpe:2.3:a:nethack:nethack:3.4.3
-
cpe:2.3:a:nethack:nethack:3.4.4
-
cpe:2.3:a:nethack:nethack:3.5.0
-
cpe:2.3:a:nethack:nethack:3.6.0
-
cpe:2.3:a:nethack:nethack:3.6.1
-
cpe:2.3:a:nethack:nethack:3.6.2
-
cpe:2.3:a:nethack:nethack:3.6.3
-
cpe:2.3:a:nethack:nethack:3.6.4